Hoang Nguyen

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 101.0.4951.41 Microsoft Edge (affected versions not specified) **Description** The issue is related to insufficient data validation in Dev Tools, which can be exploited by a remote attacker to bypass content security policy. This can be achieved via a crafted HTML page. The vulnerability may allow an attacker to disclose protected information. **Recommendations** For Google Chrome versions prior to 101.0.4951.41, update to version 101.0.4951.41 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 3.0.0 through 3.9.27 **Description** An issue was discovered in the JForm API, where inadequate escaping in the rules field leads to a XSS vulnerability. **Recommendations** For versions 3.0.0 through 3.9.27, update to a version that includes the fix for the inadequate escaping issue in the JForm API rules field.

**Name of the Vulnerable Software and Affected Versions** Joomla! versions 3.0.0 through 3.9.25 **Description** An issue was discovered that allows XSS attacks due to inadequate escaping. This is possible using the `logo` parameter of the default templates on the error page. **Recommendations** For Joomla! versions 3.0.0 through 3.9.25, update to a version that contains a fix for this issue to prevent XSS attacks.